<?php



	if(!empty($_POST)){

		$u = $_POST['username'];

		$p = md5($_POST['password']);

		$c = $_POST['code'];

		//cookie不为空且用户直接使用cookie密码登录时
		 if(!empty($_COOKIE['username']) && $_COOKIE['password']==$_POST['password'] ){

			$p = $_COOKIE['password'];

		}

		if ($c != $_SESSION['code']) {
			echo '<script type="text/javascript">alert("验证码错误！");history.go(-1);</script>';
			die;
		}

		$sql = "select * from `admin` where `username`='$u' and `password`='$p'";
		$result = mysqli_query($link,$sql );
		//print_r($_POST);
		$data = mysqli_fetch_assoc($result);
		if (!empty($data)) {
			if (!empty($_POST['auto_login'])) {
				setcookie('auto_login',$_POST['auto_login'],time()+3600*24*7);
			}
			if(!empty($_POST['check'])){
				setcookie('username',$u,time()+3600*24*7);
				setcookie('password',$p,time()+3600*24*7);
			}else {
				setcookie('username','',0);
				setcookie('password','',0);
			}

			$_SESSION['admin'] = $data;
			 //print_r($_SESSION);
			echo '<script type="text/javascript">alert("登录成功！");self.location.href="index.php";</script>';
			//header('location:index.php');
			//die;

		}else {
			echo '<script type="text/javascript">alert("帐号或密码错误！");</script>';
			//die;
		};

	};

	include ('protected/view/admin/admin/login.html');

?>


